On 04:50, Fri 16 Feb 07, John wrote:
> Hello list
>
> I've taken normal steps to secure ssh (via key only) but, because it
> is still on the normal port (22), I keep seeing attempts like this in my
> auth log:
>
> This is every couple of seconds as you can see. What I'd like is to
> allow max 2 failures from one IP in 30 seconds, if more than that write
> to /etc/shitlist.txt which, if the connecting IP is found in there, logs
> and silently drops the connection. Can pf do this?
This is very well possible. Have a look here:
http://www.openbsd.org/faq/pf/filter.html#stateopts
What you want is the overload stuff. Works great on my setup. Use it for ftp and ssh.

--
Michiel van Baak
[EMAIL PROTECTED]
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD
"Why is it drug addicts and computer aficionados are both called users?"
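One way to write what John asked for in pf.conf, using the overload state option Michiel points to (an added example, not from the original thread; the interface name, table name and list file path are assumptions):

```pf
# Added example, not from the original thread.
# Assumption: external interface is em0; adjust to the real one.
ext_if = "em0"

# Persistent table that overload fills with offending source addresses.
# Addresses listed in the file are loaded at ruleset load time; pf does not
# write back to the file, use "pfctl -t bruteforce -T show" to see live entries.
table <bruteforce> persist file "/etc/shitlist.txt"

# Log and silently drop anything already in the table. pf's default block
# policy is "drop" (no RST or ICMP unreachable goes back to the sender).
block in log quick on $ext_if from <bruteforce> to any

# Allow SSH, but track state per source address: more than 2 new connections
# from one address within 30 seconds adds it to <bruteforce>, and "flush
# global" tears down every existing state from that address, not only SSH.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 2/30, overload <bruteforce> flush global)
```

Note that pf counts new TCP connections per source, not failed logins, so 2/30 here means two new SSH connections from one address in 30 seconds rather than two authentication failures. Entries can be aged out periodically with `pfctl -t bruteforce -T expire 86400` from cron, otherwise they stay until the table is flushed or the box reboots.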
